package com.manager.core.shiro.realm;

import java.util.HashSet;
import java.util.Objects;
import java.util.Set;

import org.apache.shiro.authc.AccountException;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.slf4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

import com.manager.commons.log.LogFactory;
import com.manager.core.shiro.config.ShiroConfig;
import com.manager.core.shiro.config.ShiroUtil;
import com.manager.core.shiro.core.entity.LoginUser;
import com.manager.core.shiro.core.entity.ShiroUserRole;
import com.manager.core.shiro.core.service.ShiroService;


/**
 * 用户身份验证,授权Realm组件
 *
 * @author H
 */
@Service
public class SecurityRealm extends AuthorizingRealm {

	protected Logger logger = LogFactory.getLogger(SecurityRealm.class);
	@Autowired
	private ShiroService _service;

	/**
	 * 权限检查
	 */
	@Override
	protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
		String username = (String) getAvailablePrincipal(principals);
		// 查询当前用户所拥有的角色
		Set<String> strings = new HashSet<>();
		ShiroUserRole list = null;
		if (username.equals(ShiroConfig.superAdmin)) {
			list = new ShiroUserRole();
			list.setRoleCode(username);
			list.setRoleName("超级管理员");
		} else {
			list = _service.queryUserRoles(username);
		}
		strings.add(list.getRoleCode());
		SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(strings);
		ShiroUtil.setCurrentRole(list.getRoleCode(), list.getRoleName());
		return info;
	}

	/**
	 * 登录验证
	 */
	@Override
	protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
		UsernamePasswordToken upToken = (UsernamePasswordToken) token;
		// 获取用户输入的用户名
		String username = upToken.getUsername();
		AuthenticationInfo info = null;
		if (username == null) {
			throw new AccountException("用户验证错误-[用户名为空]");
		} else {
			try {
				LoginUser user = _service.queryAccountInfo(username);
				if (user == null) {
					throw new AccountException("用户验证错误[用户信息不存在].");
				} else if (!Objects.equals(user.get_status(), "1")) {
					throw new AccountException("用户验证错误[用户已禁用].");
				} else {
					info = this.buildAuthenticationInfo(user.getAccount(), user.getPassword().toCharArray());
					return info;
				}
			} catch (Exception e) {
				e.printStackTrace();
				throw new AccountException("用户验证错误[查询用户信息异常].");
			}
		}
	}

	protected AuthenticationInfo buildAuthenticationInfo(String username, char[] password) {
		return new SimpleAuthenticationInfo(username, password, getName());
	}



	public void updateAuthorization() {
		// 清理缓存

	}

}